A Conceptual Framework: Employee Behavior and Risk Mitigation in Cybersecurity for Omani SMEs
Keywords:
Cybersecurity, SMEs (Small and Medium Enterprises), Information Security Behaviour, Risk and Threat Factors
Abstract
Small and Medium Enterprises (SMEs) face a rise in cyber threats because of inadequate cybersecurity measures, particularly insufficient employee awareness, limited resources, and outdated security infrastructures, and this rise has led to financial and reputational risks. This research addresses the problem of SMEs lacking robust cybersecurity frameworks, which makes them vulnerable to cyberattacks. The study aims to empirically evaluate the mediating role of information security behaviour types between risk factors, threat factors, and cybersecurity effectiveness in Omani SMEs. A quantitative research approach will be employed, involving surveys to collect data on key cybersecurity variables from a sample of 372 non-managerial employees, determined using the Raosoft sample size calculation model. Data analysis will involve statistical techniques such as Structural Equation Modelling (SEM) and mediation analysis. The findings of this research are expected to provide valuable insights into how SMEs in Oman can enhance cybersecurity strategies, mitigate risks, and foster a more cyber-secure organisational culture. The study will also contribute to developing practical guidelines for SMEs to strengthen cybersecurity awareness, improve risk management strategies, and ensure long-term digital resilience. Ultimately, this research offers actionable recommendations for SMEs, policymakers, and cybersecurity practitioners to enhance cybersecurity awareness and improve risk mitigation strategies.
License
All materials contained within this journal are protected by Intellectual Property Corporation of Malaysia, Copyright Act 1987 and may not be reproduced, distributed, transmitted, displayed, published, or broadcast without the prior, express written permission of Centre for Graduate Studies, Universiti Selangor, Malaysia. You may not alter or remove any copyright or other notice from copies of this content.